Review on Security and Privacy in Cloud Infrastructures

Review on Security and Privacy in Cloud Infrastructures

Abstract

1. Cloud computing is defined as a model which is based on internet that enable convenient, on demand and pay per user access to gain access to applications and data in a web-based environment on demand (Australian Govern ment, 2010). It satisfies users require ment for co mputing resources like networks, storage, servers, services and applications, without physically acquiring the m. (Choubey, 2011). Cloud service delivery models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). (Pone mon, 2011).

   1. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable co mputing resources such as networks, servers, storage, applications, and services which can be frequently provisioned and released with less management efforts or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. (NIST, 2009).A cloud is incorporated with routers, firewa lls, bridges, servers, mode ms and all other network devices.

   2. David C. Chaus self portra it is –

      Figure.1 Cloud Service Models (C.Chau), 2010.

      economic model. (Australian Govern ment, 2010).The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. (Mudge, 2010).

Figure.2 Public, Private and Hybrid Cloud Deploy ment Exa mp le (Jim Machi, 2012)

1. Private cloud- The c loud infrastructure is operated for a specific organization. It may be managed by the organization or a third party and may be in house. (Jim Machi, 2012).

2. Co mmunity cloud- The cloud infrastructure is shared by several organizations and supports a specific co mmunity that has shared concerns to the mission, security require ments, policy, and compliance considerations. (Mudge, 2010).

3. Public c loud- The cloud infrastructure is made available to the general public or large industry group and is owned by an organization selling cloud services. (Wyld,D C, 2010).

4. Hybrid cloud- Hybrid cloud is a private cloud lin ked to one or more e xternal c loud services, centrally managed, provisioned as

a single unit, and circu mscribed by a secure network (GNI, 2009).It provides virtual IT solutions through a mix of both public and private clouds. Hybrid Cloud provides more secure control of the data and applications and allows various parties to access informat ion over the Internet. (Kuyoro S.O, 2011).

1. A number of the current applications of cloud computing involve consumer services, including e- ma il, and social networks. The protection of personal data and management of privacy issues may well determine the success or failure of many cloud services. (Mudge, 2010).

   As an OECD (Organization for Econo mic Cooperation and Development) paper has noted:

   Co mpanies that wish to provide Cloud services globally must adopt leading-edge security and auditing technologies and best-in-class practices. If they fail to earn the trust of their customers by adopting clear and transparent policies on how their customers data will be used, stored, and protected, governments will come under increasing pressure to regulate privacy in the Cloud. And if government policy is poorly designed, it could stymie the growth of the Cloud and comme rcia l Cloud services. (Prof M R Nelson, 2010).

   1. 1. Net work security

      2. Host security

      3. Application security.

   Encryption for the information security is not a complete solution because data needs to be decrypted in certain situations so that computation can occur and the usual data management functions of indexing and sorting can be carried out. Thus although data in transit and data at rest are effectively encrypted, the need to decrypt, generally by the cloud service provider, can be a security concern. Nevertheless cloud services can be augmented by email filtering (including back-up, and spam), Web content filtering,

   and vulnerability manage ment, all of which imp rove security. (Mudge, 2010).

   The Cloud Co mputing systems are secured if users can depend on them (i.e. Daa S, SaaS, PaaS,Iaa S, and so on) to behave as users expect. Traditionally, it contains 5 goals, say availability, condentiality, data integrity, control and audit, to achieve adequate security. They are integrated systematically, and none of them could be forfe ited to achieve the adequate security.

   1. The goal of availability for Cloud Co mputing systems is to ensure its users can use them at any time, at any place.

   2. Condentiality means keeping users data secret in the Cloud systems. The condentiality in Cloud systems is a big obstacle for users to step into it, as many users said My sensitive corporate data will never be in the Cloud in the article named Above the Cloud.

   Data integrity in the Cloud system means to preserve informat ion integrity (i.e ., not lost or modied by unauthorized users). As data is the base for providing Cloud Computing services, keeping data integrity is a fundamental task. (M.Armbrust,A.Fo x, 2009).

2. Ema il, Instant messaging, business softwares and web content management are applications of the cloud environment. Many of them have been used remotely through internet. E.g. Microsoft recognizes privacy policies and protections to obtain trust of customers. Even secured systems and datacenters help to protect privacy and support. (Microsoft, 2009).

   1. • Are hosted data and applications within the cloud protected by suitably robust privacy policies?

      • Are the cloud computing providers technical infrastructure, applications, and processes secure?

      • Are processes in place to support appropriate action in the event of an incident that affects privacy or security?

      Security is an essential component of strong privacy safeguards in all online co mputing environments, but security alone is not sufficient. Consumers and businesses are willing to use online computing only if they trust that their data will re ma in private and secure. (Microsoft, 2009).

3. Cloud services can thrive when companies are able to provide cloud services in an efficient way and assure customers that their data will re ma in private and secure. (Mic rosoft, 2009)

   1. Challenges

      The following are some of the notable challenges associated with cloud computing, some of them lead to the delay in services and some give the opportunity to be resolved with due care and focus :

      • Security and Pri vac y these challenges can be addressed, for e xa mp le, by storing the informat ion internal to the organization, but allowing it to be u sed in the cloud. For this to occur, though, the security mechanis ms between organizat ion and the cloud need to be robust and a Hybrid cloud could support such a deployment. (Dia logic, 2010).

      • Lack of Standar ds Clouds have documented interfaces; however, no standards are associated with these, and thus it is unlikely that most clouds will be interoperable. The Open Grid Foru m is developing an Open Cloud Co mputing Interface to resolve this issue and the Open Cloud Consortium is woring on cloud computing standards and practices. The findings of these groups will need to mature, but it is not known whether they will address the needs of the people deploying the services. (Dialogic , 2010).

      • Continuously Evol vi ng User require ments are continuously evolving, as are the requirements for interfaces, networking, and storage. This means that a

        cloud, especially a public one, does not remain static and is also continuously evolving. (Dia logic, 2010).

      • Compliance Concer ns These challenges typically result in Hybrid cloud deployment with one cloud storing the data internal to the organization. (Dialogic , 2010).

The review concludes the aspects and dimensions for establishing security and privacy with challenges which would be leading-edge to more efficient and secured cloud services in the cloud infrastructures. By using a cloud system, your companys sensitive data and information will be stored on third-party servers. This article will be helpful to establish a futures powerful and effic ient plus secured network through internet using cloud services. It will be the advanced new technology to the new era and future enhancement.

1. Choubey, 2011. A survey on cloud computing security, challenges and threats. Bhopal, India: IJCSE.

2. Security of Cloud Computing Providers study. Ponemon Institute, Researched report. Sponsered by CA Technologies.April, 2011.

3. Kim-Kwang Ray mond Choo, (2010). Cloud computing: Challenges and future directions. Australian Government,. Australian Institute of Crimino logy (Trends and Issues in crime and crimina l justice). Page No.400.

4. National Institute of Standards and Technology, December 2009, Guidelines on security and privacy in public cloud comuting. [online]. US, special publication 800-144, US depart ment of co mme rce. Standard from Information Technology Laboratory (NIST), accessed on

   14 May 2012 at http://csrc.nist.gov/groups/SNS/cloud- computing/cloud-def-v15.doc

5. Mudge, J C. (2010). CLOUD COMPUTING: Opportunities and Challenges for Australia.[online] Executive summery by The australian academy of Technological sciences and engineering (ATSE). Last accessed on 15 May 2012 at http://www.egov.vic.gov.au/trends -and issues/information-and-co mmunications technology/cloud-computing/cloud- computing-opportunities-and-challenges-

   for-australia -in-pdf-format-1367kb.ht ml

6. Wyld, D C, (2010). The cloudy future of government IT: Cloud computing and the public sector around the world. [online] International Journal of Web & Se mantic Technology (IJWesT), Vo l 1, Nu m 1, January 2010, Last accessed on 22 June 2010 at

   http://airccse.org/journal/ijwest/papers/0101 w1.pdf

7. Chou D C, 16th August 2010. Figure-1, self portrait. [Online image]. Last accessed at 9th May, 2012 at: http://blogs.msdn.com/b/johnalioto/archive/ 2010/08/16/10050822.asp x

8. Nelson M R, (2009). Organization for Economic Cooperation and Development. Briefing paper for the ICCP Technology Foresight Forum: Cloud computing and public policy, Last accessed on 22 June 2010 at http://www.oecd.org/dataoecd/39/47/439337 71.pdf

9. Microsoft. (2009). Privacy in the Cloud Co mputing Era; A Microsoft Perspective, page.no.9 [online]. Lasr accessed on 16 May 2012 at

   http://download.microsoft.com/download/3/ 9/1/3912e 37e-5d7a-4775-b677-

   b7c2baf10807/c loud_privacy_wp_102809.p df

10. Dialogic Corporation, (2010). White Paper: Introduction to cloud computing. [Online]. Last accessed on 14 May 2012 at www.dialogic.com.

11. Machi J., 2010. Figure-2., Dialogoc Exchange Network, Corporate Blog [online image]. Last accessed on May 15, 2012 at http://blog.tmcnet.com/industry-insight/

12. Depart ment for Culture, Media and Sport (DCMS) and Depart ment for Business, Innovation and Skills (DBIS), 2009, Dig ital Britain : Fina l Report, London.

13. Kuyoro S. O., Ib ikunle F. & Awodele O., 2011. Cloud Co mputing Security Issues and Challenges International Journal of Co mputer Net works (IJCN), Vo lu me (3) : Issue (5) : 2011,p249.

14. Global Netopte x corporated.De mystifying the cloud. Important opportunities, crucial choices. pp4-14[online].Last accessed on May 15,2012 at :

    http://www.gni.co m

15. Minqi Zhou,Rong Zhang, Wei Xie, Wein ing Qian, Aoying Zhou, (2010). Security and Privacy in Cloud Co mputing [online]. In: Sixth International Conference on Semantics, Knowledge and Grids. Software Engineering Institute, East China Norma l University, Shanghai 200062, p106. Last accessed on May 16, 2012 at

    {mqzhou,wxie,wnqian,ayzhou}@sei.ecnu.e du.cn, rongzhang@nict.go.jp.

16. M. Armbrust, A. Fox, R. Grifth, A . Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson et al., Above the clouds: A Berke ley view of cloud computing, University of California, Berkeley,Tech. Rep, 2009.